PT-2009-5548 · Canonical+2 · Ubuntu+3

Russell Senior

Publicado

2009-09-17

Atualizado

2024-02-13

CVE-2009-3232

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions pam-auth-update for PAM versions in Ubuntu 8.10 and 9.4, and Debian GNU/Linux (affected versions not specified)

Description The issue is related to the handling of an "empty selection" for system authentication modules in certain rare configurations. This causes any authentication attempt to be successful, allowing remote attackers to bypass authentication.

Recommendations For Ubuntu 8.10 and 9.4, and Debian GNU/Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2009-3232

Produtos afetados

Debian

Pam

Ubuntu

Pam-Auth-Update

PT-2009-5548 · Canonical+2 · Ubuntu+3

CVE-2009-3232

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10